How to use where clause in Knex
Create refunds with Stripe
Load HTML with Cheerio
How to send POST request with Axios
Find intersection of array in Lodash
Powered by Official white Bloop logo with a period

Terms / Privacy / Search / Support

  • // provide permissions to describe the user pool scoped to the ARN the user pool
    postAuthFn.role?.attachInlinePolicy(new iam.Policy(this, 'userpool-policy', {
      statements: [new iam.PolicyStatement({
        actions: ['cognito-idp:DescribeUserPool'],
        resources: [userpool.userPoolArn],
      })],
    }));
    
    Docs
    0
  • const policyDocument = {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "FirstStatement",
          "Effect": "Allow",
          "Action": ["iam:ChangePassword"],
          "Resource": "*"
        },
        {
          "Sid": "SecondStatement",
          "Effect": "Allow",
          "Action": "s3:ListAllMyBuckets",
          "Resource": "*"
        },
        {
          "Sid": "ThirdStatement",
          "Effect": "Allow",
          "Action": [
            "s3:List*",
            "s3:Get*"
          ],
          "Resource": [
            "arn:aws:s3:::confidential-data",
            "arn:aws:s3:::confidential-data/*"
          ],
          "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
        }
      ]
    };
    
    const customPolicyDocument = iam.PolicyDocument.fromJson(policyDocument);
    
    // You can pass this document as an initial document to a ManagedPolicy
    // or inline Policy.
    const newManagedPolicy = new iam.ManagedPolicy(this, 'MyNewManagedPolicy', {
      document: customPolicyDocument,
    });
    const newPolicy = new iam.Policy(this, 'MyNewPolicy', {
      document: customPolicyDocument,
    });
    
    Docs
    0
  • declare const books: apigateway.Resource;
    declare const iamUser: iam.User;
    
    const getBooks = books.addMethod('GET', new apigateway.HttpIntegration('http://amazon.com'), {
      authorizationType: apigateway.AuthorizationType.IAM
    });
    
    iamUser.attachInlinePolicy(new iam.Policy(this, 'AllowBooks', {
      statements: [
        new iam.PolicyStatement({
          actions: [ 'execute-api:Invoke' ],
          effect: iam.Effect.ALLOW,
          resources: [ getBooks.methodArn ]
        })
      ]
    }))
    
    Docs
    0
  • // This imports an existing policy.
    const boundary = iam.ManagedPolicy.fromManagedPolicyArn(this, 'Boundary', 'arn:aws:iam::123456789012:policy/boundary');
    
    // This creates a new boundary
    const boundary2 = new iam.ManagedPolicy(this, 'Boundary2', {
      statements: [
        new iam.PolicyStatement({
          effect: iam.Effect.DENY,
          actions: ['iam:*'],
          resources: ['*'],
        }),
      ],
    });
    
    // Directly apply the boundary to a Role you create
    declare const role: iam.Role;
    iam.PermissionsBoundary.of(role).apply(boundary);
    
    // Apply the boundary to an Role that was implicitly created for you
    declare const fn: lambda.Function;
    iam.PermissionsBoundary.of(fn).apply(boundary);
    
    // Apply the boundary to all Roles in a stack
    iam.PermissionsBoundary.of(this).apply(boundary);
    
    // Remove a Permissions Boundary that is inherited, for example from the Stack level
    declare const customResource: CustomResource;
    iam.PermissionsBoundary.of(customResource).clear();
    
    Docs
    0
  • const bucket = s3.Bucket.fromBucketName(this, 'existingBucket', 'bucket-name');
    
    // No policy statement will be added to the resource
    const result = bucket.addToResourcePolicy(new iam.PolicyStatement({
      actions: ['s3:GetObject'],
      resources: [bucket.arnForObjects('file.txt')],
      principals: [new iam.AccountRootPrincipal()],
    }));
    
    Docs
    1
  • new pipelines.CodePipeline(this, 'Pipeline', {
      synth: new pipelines.CodeBuildStep('Synth', {
        input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', {
          connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });',
        }),
        commands: [
          // Commands to load cdk.context.json from somewhere here
          '...',
          'npm ci',
          'npm run build',
          'npx cdk synth',
          // Commands to store cdk.context.json back here
          '...',
        ],
        rolePolicyStatements: [
          new iam.PolicyStatement({
            actions: ['sts:AssumeRole'],
            resources: ['*'],
            conditions: {
              StringEquals: {
                'iam:ResourceTag/aws-cdk:bootstrap-role': 'lookup',
              },
            },
          }),
        ],
      }),
    });
    
    Docs
    0
  • new lambda.Function(this, 'OnEventHandler', {
      // ...
      initialPolicy: [
        new iam.PolicyStatement({ actions: [ 's3:GetObject*' ], resources: [ '*' ] })
      ]
    });
    
    Docs
    0
  • declare const vpc: ec2.Vpc;
    declare const mySecurityGroup: ec2.SecurityGroup;
    new pipelines.CodeBuildStep('Synth', {
      // ...standard ShellStep props...
      commands: [/* ... */],
      env: { /* ... */ },
    
      // If you are using a CodeBuildStep explicitly, set the 'cdk.out' directory
      // to be the synth step's output.
      primaryOutputDirectory: 'cdk.out',
    
      // Control the name of the project
      projectName: 'MyProject',
    
      // Control parts of the BuildSpec other than the regular 'build' and 'install' commands
      partialBuildSpec: codebuild.BuildSpec.fromObject({
        version: '0.2',
        // ...
      }),
    
      // Control the build environment
      buildEnvironment: {
        computeType: codebuild.ComputeType.LARGE,
      },
    
      // Control Elastic Network Interface creation
      vpc: vpc,
      subnetSelection: { subnetType: ec2.SubnetType.PRIVATE },
      securityGroups: [mySecurityGroup],
    
      // Additional policy statements for the execution role
      rolePolicyStatements: [
        new iam.PolicyStatement({ /* ... */ }),
      ],
    });
    
    Docs
    0
  • // provide permissions to describe the user pool scoped to the ARN the user pool
    postAuthFn.role?.attachInlinePolicy(new iam.Policy(this, 'userpool-policy', {
      statements: [new iam.PolicyStatement({
        actions: ['cognito-idp:DescribeUserPool'],
        resources: [userpool.userPoolArn],
      })],
    }));
    
    Docs
    0
  • // The code below shows an example of how to instantiate this type.
    // The values are placeholders you should change.
    import * as iam from '@aws-cdk/aws-iam';
    
    declare const policyDocument: any;
    
    const cfnPolicy = new iam.CfnPolicy(this, 'MyCfnPolicy', {
      policyDocument: policyDocument,
      policyName: 'policyName',
    
      // the properties below are optional
      groups: ['groups'],
      roles: ['roles'],
      users: ['users'],
    });
    
    Docs
    0
  • const policy = iam.ManagedPolicy.fromAwsManagedPolicyName('ReadOnlyAccess');
    iam.PermissionsBoundary.of(this).apply(policy);
    
    Docs
    0
  • declare const vpc: ec2.Vpc;
    const role = new iam.Role(this, 'RDSDirectoryServicesRole', {
      assumedBy: new iam.ServicePrincipal('rds.amazonaws.com'),
      managedPolicies: [
        iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonRDSDirectoryServiceAccess'),
      ],
    });
    const instance = new rds.DatabaseInstance(this, 'Instance', {
      engine: rds.DatabaseInstanceEngine.mysql({ version: rds.MysqlEngineVersion.VER_8_0_19 }),
      vpc,
      domain: 'd-????????', // The ID of the domain for the instance to join.
      domainRole: role, // Optional - will be create automatically if not provided.
    });
    
    Docs
    0
  • const myRole = new iam.Role(this, 'My Role', {
      assumedBy: new iam.ServicePrincipal('sns.amazonaws.com'),
    });
    
    const fn = new lambda.Function(this, 'MyFunction', {
      runtime: lambda.Runtime.NODEJS_12_X,
      handler: 'index.handler',
      code: lambda.Code.fromAsset(path.join(__dirname, 'lambda-handler')),
      role: myRole, // user-provided role
    });
    
    myRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole"));
    myRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole")); // only required if your function lives in a VPC
    
    Docs
    0
  • Powered by Official black Bloop logo with a period
    download the IDE extension

    View other examples